[asterisk-dev] auto blacklisting "script kiddies"
Jason Burton
jburton at picriverisp.net
Fri May 4 09:27:01 MST 2007
Can you just blacklist an IP based on the connection frequency and if they
are using different usernames/passwords for every attempt?
If 1.1.1.1 connects using jar/10032103 and jar/12031203 and jar/120102312
blacklist
If 1.1.1.1 connects using jar123/10032103, jar124/10032103, jar125/10032103
Blacklist
Blacklist should be a certain period of time. You can have a mess on your
hands if you make static lists that do not empty after a period of time?
What happens if someone legit tries to connect with a blacklisted IP?
Filtering script kiddies can be complicated if they do it from public
hotspots that your customers might use?
-----Original Message-----
From: asterisk-dev-bounces at lists.digium.com
[mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Friday, May 04, 2007 11:57 AM
To: asterisk-dev at lists.digium.com
Subject: Re: [asterisk-dev] auto blacklisting "script kiddies"
On Fri, May 04, 2007 at 12:10:07PM -0300, Christian Villa Real Lopes wrote:
> I like to improve this ideia as follow:
>
> All already registered users IP create an whitelist that never
> blacklists (or configurable never) plus an file/table with a whitelist.
But then, how will new connections register?
(unless you only have static SIP peers)
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir at jabber.org
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
More information about the asterisk-dev
mailing list